Success Story

Herjavec Group Testimonial: U of L Health

Name: Herjavec Group Testimonial: U of L Health
Uploaded: 2021-10-06T22:17:30-04:00
Duration: 4 min 14 s
Description: Steven Ramirez, CISO, U of L Health, discusses the current state of cybersecurity in the healthcare industry and the challenges his team faced during the COVID-19 Pandemic. U of L Health’s partnership with Herjavec Group as a managed security services provider helped them gain control of security operations and accelerate their cybersecurity program as a key business driver.

Steven Ramirez, CISO, U of L Health, discusses the current state of cybersecurity in the healthcare industry and the challenges his team faced during the COVID-19 Pandemic. U of L Health’s partnership with Herjavec Group as a managed security services provider helped them gain control of security operations and accelerate their cybersecurity program as a key business driver.

Full video transcript:

“My name is Steven Ramirez, and I’m currently the chief information security officer at UofL Health. We have nine total sites, five hospitals, four outpatient clinics, and roughly 12,000 employees. We’re an academic medical center with trauma one and also a transplant center. Security is fundamental to health care because of the wealth of data that we have. Everything is interconnected, and COVID-19 really helped push the hand of the digital transformation throughout healthcare. Being a research and academic center, we’re pretty innovative and have a lot of technologies, we do have a lot of IOT, medical devices and other things connecting to our network as well as BYOD and different devices that people need to utilize to deliver care that makes us a little unique, and that gives us a wider attack surface, and really requires our team to understand our end users and the support services that we’re providing. That anything we do can have an upstream or downstream impact on patient care and patient operations.

Having our partnership with Herjavec Group was really helpful in that that we had key components as part of our managed service. So that really helped us to scale and not have to send our security operations home. They were business as usual. That really enabled my team to adapt to the changing environment and continue to monitor and ensure we were living up to the security posture that we had prior to the event. That was a value add – having HG as that support structure to minimize the movement of a lot of pieces that a typical in-house SOC managed service would have to do. Having experts that do that all day every day really enables you to focus on how you can optimize and focus on your day-to-day risk.

One of the reasons that we went with Herjavec Group was the multitude of services that they provide from full managed service to tailored services that you need. So on top of us having various managed services, we also looked at an incident response retainer in the event, we had to go in and do any deep diving – having access to a bench of professionals that could dive in and do that forensic work for us, but also on offensive services that, would really enable us to not only just go out and, do our normal day to day security operations, but really where we can go fine-tune and find any gaps in our current security posture. That was really part of our overall defense in-depth strategy. Not only having the processes, policies, security controls that we were looking at, but also baking in the components of managed service so if something were to go wrong, we can leverage our incident response retainer. All of the work that we’re doing and also on the proactive services – that’s key in this day and age to really help mitigate risk and really have that extra set of eyes to continually boil the ocean, to see where you can better enhance your security posture as an organization.

Another great value add to the Herjavec Group relationship is that we’re able to have that, Herjavec Group family – we like to call it. So being able to interact with fellow customers – if somebody else on the west coast, for example, is looking at a tool and I’m using that, or has a question around a process on, on what we do for third-party risk management, or I have a question about something, the Herjavec Group team is awesome for putting us in contact with our peers within the CISO community. That enables us to interact within our Herjavec Group customer base to share lessons learned, share what they see going on. So not only are we able to work with our managed service provider, but our fellow peers in the field. It’s a great resource to have that on top of what we already have, with HIMS or ISACA groups and other security networking events out there. So it’s just another value add to the services that you get with HG.”